Add resize_root boot operation. If resize_root=YES in rc.conf then
the system attempts to resize the root file system to fill it's
partition prior to mounting read-write. Useful for things like AMI
file system images. May eventually be used by arm images after
coming up with similar solution for increasing the parition size.

sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")

Import the new apropos/whatis.
This code has been developed by Abhinav Upadhyay as part of Google's Summer
of Code 2011. It uses libmandoc to parse man pages and builds a Full
Text Index in a SQLite database. The combination of indexing the full
manual page, filtering out stop words and ranking individual matches
based on the section gives a much improved user experience.
The old makewhatis and friends are kept under MKMAKEMANDB=no for now.

Load entropy at system boot (only works at securelevel < 1); save
at system shutdown. Disable with random_seed=NO in rc.conf if desired.
Goes to some trouble to never load or save to network filesystems.
Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.

provide a new 'bluetooth' rc.d script, to handle Bluetooth configuration
in a simpler manner. This replaces btattach, btconfig, bthcid, btdevctl
and sdpd scripts, and also should not require any configuration settings
other than "bluetooth=YES", though the full range of configurations is
still possible.

NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.

Split fsck during boot into two phases. Check the root file system
first, mount root and run the various disk providers. Add swap and
check the remaining file systems after that.
This breaks the dependency cycle for lvm, which needs writeable /dev.
Depend on rndctl in cgd.

* Add etc/rc.d/rndctl script, based on work by Brian A. Seklecki. This
allows you to invoke rndctl(8) during the boot.
* Add rndctl=NO and rndctl_flags="" to /etc/defaults/rc.conf.
* Document rndctl and rndctl_flags variables in rc.conf(5).

x68k pow(4) now uses MI sysmon_pswitch framework. suggested by tsutsui@.
- Make MD poffd(8) retire, and use MI powerd(8) instead of it.
- Make /dev/pow1 retire, because nobody holds /dev/pow0 any longer.
Use /dev/pow0 for pow(4) ioctl.
- POWIOCSSIGNAL ioctl which is for poffd(8) is also obsoleted.

some changes to serial bluetooth host controller interfaces
btuartd(8) should be named btattach(8) for consistency
with other parts of NetBSD
make btattach(8) a single-use tool for less complexity
device specicific initialisation (from btuart(4)) is carried
out prior to activating the line discipline (in btattach(8)),
which simplifies the API somewhat and means that the user
tool and the kernel do not need to be kept in sync.
btuart(4) driver is much reduced; naming is made consistent
and all tsleep() and delay() are removed to userland

Add some devfs code that's been sitting in my local tree for a while.
devfsd(8) is now the first daemon to be started after init(8). It tracks
device insertion (will eventually track removal) and devfs mounts.
Currently, we can mount multiple device file systems and have device
special files pushed into the mounts automatically, though, the device
special files aren't created with the correct major/minor number pairs
yet.
More work to come soon.

Per lukem's request, revert previous change which skipped installation
of /etc/rc.d/ipfilter and family if MKIPFILTER=no. As lukem points
out, skipping installation of etc/rc.d/ scripts is not inconsistent
with other optional components, such as pf, x11, etc.

Initial import of bluetooth stack on behalf of Iain Hibbert. (plunky@,
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.
The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.
Drivers for both PCMCIA and USB bluetooth controllers are included.

Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security

pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security

Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.
XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.

Revert part of previous; etc/rc.d/kdc must be installed even if Kerberos
isn't enabled.
This is how the rc.d system works in conjunction with our current build
and install system; all the rc.d scripts are installed even if the
subsystems they control are not.

Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.
* move kerberos- and kerberos 4-only files into new flists,
distrib/sets/lists/*/krb.*
* make the flist generators grok MKKERBEROS{,4} variables
* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
9 out of 10 experts agree that it is ludicrous to build w/
KERBEROS4 and w/o KERBEROS5.
* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.
* omit some Kerberos-only subdirectories from the build as
MKKERBEROS{,4} indicate
(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly. That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles. While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)

Tweak postinstall to check for (and help out on) the upgrade to
sendmail 8.12.8. Some of the same machinery (in shorter form) is in
the additions to rc.d/sendmail. Also, add a smmsp startup script for
the sendmail client queue runner.

Pull up revision 1.34 (requested by abs in ticket #772):
Split raidframe parity checking/rebuilding out into
raidframeparity, which is called after quota, so we don't
end up with fsck and raidframe parity rebuild taking forever
after a crash/reboot.
While here, check for raid[0-9].conf and raid[1-9][0-9].conf
and not raid[0-9].conf and raid[0-9][0-9].conf

Split raidframe parity checking/rebuild out into raidframeparity, which is
called after quota so we don't end up with fsck and raidframe parity rebuild
taking forever after a crash/reboot.
While we are here check for raid[0-9].conf & raid[1-9][0-9].conf not
raid[0-9].conf & raid[0-9][0-9].conf

- in <bsd.files.mk>, don't clear FILES after using it, as that prevents
make -V FILES
from being useful (and given that every other variable can be
extracted using make -V, the behaviour was unusually inconsistent
given that the original reason for clearing it doesn't seem to be
relevant anymore)
- use <bsd.prog.mk> instead of directly including <bsd.files.mk>
(and possibly <bsd.man.mk> or <bsd.own.mk>)
- remove obsolete NOPROG

Rename NETWORK to NETWORKING, to allow rc.d to be on a case insensitive
file system (prevents conflict with 'network'). PROVIDE both NETWORKING
and NETWORK (the latter for compatibility with 3rd party scripts).

Startup script for racoon(8). Racoon provides "ike", and requires
"kdc" (since you might want to use IPsec on your Kerberos server,
and might be using GSSAPI to authenticate Phase 1) and "ppp" (since
racoon(8) needs to know about all of your network interfaces).

An sshd startup script for use with usr.bin/sshd. Installation is conditional
on ${SSHDIST}, as with usr.bin/ssh itself.
This script includes a `keygen' target for regenerating RSA and DSA host keys,
and invokes this if these keys are not present when sshd is started up.

* add new dummy dependancy `NETWORK' to be REQUIREd by services which need
networking to be operational before starting, and use as appropriate.
NETWORK depends upon network and dhclient.
* move the guts of systemfs into mountcritlocal
* replace the dependancy on systemfs with mountcritremote, and remove the
former.
* SERVERS now also depends upon ppp
Notes:
* dhclient (and others) needs /var to be a $critical_filesystem_beforenet
* dhclient now starts before syslogd (because the latter needs /usr, and
/usr might need dhclient to be mounted)
Should fix PRs:
[install/9853] [bin/10002] [misc/10349] [port-i386/10633] [misc/10641]